[dns-operations] Configurable TC=1?

Keith Mitchell keith at dns-oarc.net
Thu Dec 24 15:34:26 UTC 2015

On 12/23/2015 10:48 PM, Roland Dobbins wrote:

> I don't have any statistics, but my (totally subjective) gut feeling 
> is that CPE NATs passing along out-of-scope packets unmodified isn't 
> that common.

> But we need a better feel for the scope of the CPE NAT scope
> problem, just the same, because we must press this issue on multiple
> fronts.
> What I would really like to see is a conclave involving the major 
> operating system vendors - Microsoft, Apple, Google, the appropriate 
> Linux distros, FreeBSD - with the aim of convincing them that it's in
> their interest to incorporate Spoofer Project-type functionality 
> (<http://spoofer.caida.org/>) into the operating systems they 
> produce, with the resultant data published and analyzed on a 
> pubicly-accessible portal, said data also made available for all and 
> sundry to analyze for themselves, should they wish to do so.

Totally agree - while it's great that the CAIDA folks have taken over
Spoofer, and OARC is doing what we can to support other such SAV
research, a major missing piece of the puzzle on BCP38 enforcement is
better data about the extent, scope and localities of the problem. Hard
evidence ought to be more persuasive than gut-feel speculation, and even
it does not persuade it should at least help point the finger.


More information about the dns-operations mailing list